Bug #19008
openrgw: adding bucket lifecycle does not work with V4 signature
0%
Description
When trying to set a new bucket lifecycle using the AWS SDK, the request fails with "501 Not Implemented".
PUT /pdtest_expire_test?lifecycle HTTP/1.1 […] <?xml version="1.0" encoding="UTF-8"?> <LifecycleConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Rule><ID>test</ID><Status>Enabled</Status><Expiration><Days>1</Days></Expiration><Prefix></Prefix></Rule></LifecycleConfiguration> HTTP/1.1 501 Not Implemented […] <?xml version="1.0" encoding="UTF-8"?><Error><Code>NotImplemented</Code><RequestId>tx000000000000000001e40-00589cff17-6f1d60-default</RequestId><HostId>6f1d60-default-default</HostId></Error>
The cluster is running version 11.2.0.
After increasing the log level in one rgw instance I can see following lines:
2017-02-10 01:08:51.225783 7fdc60167700 10 delaying v4 auth 2017-02-10 01:08:51.225785 7fdc60167700 10 ERROR: AWS4 completion for this operation NOT IMPLEMENTED 2017-02-10 01:08:51.225788 7fdc60167700 10 failed to authorize request 2017-02-10 01:08:51.225789 7fdc60167700 20 handler->ERRORHANDLER: err_no=-2201 new_err_no=-2201
Using s3cmd with V2 signatures, the request is successful. Forcing s3cmd to use V4 signatures, the request fails again.
As support for V2 signatures is fading out and therefore gets removed from AWS SDK I think being able to use V4 signatures with radosgw for as much operations as possible would be a good thing.
Updated by Anton Iakimov about 7 years ago
I have the same with 'aws-sdk' gem 2.7.11 and 's3cmd' 1.6.1. Ceph is 11.1.0.
Updated by Ben Hines about 7 years ago
This is presumably the same as http://tracker.ceph.com/issues/17076 - possible fixed already with the same fix?
Updated by Nathan Cutler about 7 years ago
- Project changed from Ceph to rgw
- Category deleted (
22)
Updated by Nathan Cutler about 7 years ago
- Related to Bug #17076: AWS S3 Version 4 signatures fail sometimes. added
Updated by Nathan Cutler about 7 years ago
Ben Hines wrote:
This is presumably the same as http://tracker.ceph.com/issues/17076 - possible fixed already with the same fix?
I don't think so - the SHA1 of the fix is 20e5ff023ebad89c386a520d07613547d4836399 and it is included in the kraken (v11.2.0) release.